Mark Woan (@woanware)
github

woanware

Twitter logo Share LinkedIn logo Share Facebook logo Share

Top repositories

1

LogViewer

LogViewer for viewing and searching large text files...
C#
414
star
2

usbdeviceforensics

Python script for extracting USB information from Windows registry hives
Python
124
star
3

autorunner

Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
C#
52
star
4

LogViewer2

Application for viewing/searching large text/log files (WPF port of the original LogViewer)
C#
50
star
5

ForensicUserInfo

Extracts Windows user info including the password hashes
C#
38
star
6

lookuper

Looks stuff up (MD5, SHA256, IP, Domains, URL's, strings e.g. mutexes)...
Go
36
star
7

woanware.github.io

HTML
32
star
8

wmi-parser

Parses the WMI object database....looking for persistence
C#
31
star
9

etw-event-dumper

C#
31
star
10

TargetAnalyser

Tool for analysts to perform simultaneous lookups (IP, Domain, URL, MD5) against multiple data sources
C#
29
star
11

application-restriction-bypasses

A set of compiled application restriction bypasses
PowerShell
29
star
12

NetworkScanViewer

C#
22
star
13

JumpLister

C#
18
star
14

bgp-watcher

Prototype system to monitor BGP routes and alert when anomalies are identified
Go
14
star
15

Win32Security

C#
12
star
16

SessionViewer

SessionViewer is a PCAP TCP session reconstructor with a UI to view the data flows, and export data
C#
12
star
17

volatility-runner

volatility-runner is a command line application designed to speed up memory forensics using the volatility framework, primarily for instances where the user has multiple memory dumps to analyse.
Go
11
star
18

reg-entropy-scanner

Scans through registry hives outputting entropy values for key/values, dumps binary contents to files...we are looking for those "fileless" malwarez!
C#
10
star
19

log-file-decrufter

Go
9
star
20

javaidx

C#
8
star
21

win-catalog-dotnet

Managed library for accessing the Windows security catalog files
C#
8
star
22

exefinder

C#
8
star
23

xor

C#
7
star
24

extract-web-domains

Tool to extract domains/IP's from files
Go
6
star
25

EventLogParser

C#
6
star
26

shimcacheparser

C#
5
star
27

tr3_tool_kit

Repository to store the tools for Corey Harrell's Tr3Secure Data Collection script
Shell
5
star
28

filesender

Send files simply using Google Drive...it's a cross between https://github.com/schollz/croc and https://github.com/google/skicka
Go
5
star
29

shellify

This is a fork from the Shellify project hosted on sourceforge. It replaces my own LNK parser as it has more features!
C#
4
star
30

RegRipperRunner

C#
4
star
31

VtLookup

C#
4
star
32

threatexpertchecker

C#
3
star
33

snorbert

Snort data viewer...
C#
3
star
34

word-password-generator

Console application to generate word based passwords using Mnemonicodes
C#
3
star
35

ooxml-checker

Go
2
star
36

csv2xlsx

C#
2
star
37

RiskIqSharp

C# library (.Net 6) to interact with the RiskIQ/PassiveTotal API
C#
2
star
38

csv-value-counter

A rewrite in golang of my .Net csvvaluecounter tool. Basically it counts the number of a particular field in a text file or CSV file
Go
2
star
39

logsifter

C#
2
star
40

csvvaluecounter

C#
1
star
41

HttpKit

C#
1
star
42

log-sifter

Performs normalised levenshtein distance calculations on log entries to reduce repeated data...
Go
1
star